Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp

Issue 2442513004: Part 1.1: Is policy list subsumed under subsuming policy? (Closed)
Patch Set: Separating functionalities Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« third_party/WebKit/Source/core/frame/csp/CSPSource.cpp ('K') | « third_party/WebKit/Source/core/frame/csp/CSPSource.cpp ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "core/frame/csp/CSPSource.h" 5 #include "core/frame/csp/CSPSource.h"
6 6
7 #include "core/dom/Document.h" 7 #include "core/dom/Document.h"
8 #include "core/frame/csp/ContentSecurityPolicy.h" 8 #include "core/frame/csp/ContentSecurityPolicy.h"
9 #include "platform/network/ResourceRequest.h" 9 #include "platform/network/ResourceRequest.h"
10 #include "platform/weborigin/KURL.h" 10 #include "platform/weborigin/KURL.h"
(...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after
116 EXPECT_FALSE(source.matches(KURL(base, "https://example.com:8443/"))); 116 EXPECT_FALSE(source.matches(KURL(base, "https://example.com:8443/")));
117 117
118 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com/"))); 118 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com/")));
119 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:80/"))); 119 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:80/")));
120 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:443/"))); 120 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:443/")));
121 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com/"))); 121 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com/")));
122 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:80/"))); 122 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:80/")));
123 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:443/"))); 123 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:443/")));
124 } 124 }
125 125
126 TEST_F(CSPSourceTest, IsSubsumedNotSimilar) {
127 struct TestCase {
128 String aScheme;
129 String bScheme;
130 String aHost;
131 String bHost;
132 String aPath;
133 String bPath;
134 int aPort;
135 int bPort;
136 } cases[] = {
137 {"http", "http", "example.com", "another.com", "/", "/", 0, 0},
138 {"wss", "http", "example.com", "example.com", "/", "/", 0, 0},
139 {"wss", "about", "example.com", "example.com", "/", "/", 0, 0},
140 {"http", "about", "example.com", "example.com", "/", "/", 0, 0},
141 {"http", "http", "example.com", "example.com", "/path1.html",
142 "/path2.html", 0, 0},
143 {"http", "http", "example.com", "example.com", "/", "/", 433, 800},
144 };
145 for (const auto& test : cases) {
146 CSPSource* returned =
147 new CSPSource(csp.get(), test.aScheme, test.aHost, test.aPort,
148 test.aPath, CSPSource::NoWildcard, CSPSource::NoWildcard);
149 CSPSource* required =
150 new CSPSource(csp.get(), test.bScheme, test.bHost, test.bPort,
151 test.bPath, CSPSource::NoWildcard, CSPSource::NoWildcard);
152 EXPECT_FALSE(returned->isSubsumed(required));
153 // Verify the same test with a and b swapped.
154 EXPECT_FALSE(required->isSubsumed(returned));
155 }
156 }
157
158 TEST_F(CSPSourceTest, IsSubsumedNoWildcards) {
159 struct TestCase {
160 String aScheme;
161 String bScheme;
162 String aPath;
163 String bPath;
164 int aPort;
165 int bPort;
166 bool expected;
167 bool expectedWhenSwapped;
168 } cases[] = {
169 // Equal signals
170 {"http", "http", "/", "/", 0, 0, true, true},
171 {"https", "https", "/", "/", 0, 0, true, true},
172 {"http", "http", "/page1.html", "/page1.html", 0, 0, true, true},
173 {"http", "http", "/", "/", 80, 80, true, true},
174 {"https", "https", "/", "/", 80, 80, true, true},
175 {"https", "https", "/page1.html", "/page1.html", 0, 0, true, true},
176 {"http", "http", "/page1.html", "/page1.html", 80, 80, true, true},
177 {"https", "https", "/page1.html", "/page1.html", 80, 80, true, true},
178 // One stronger signal in the first CSPSource
179 {"https", "http", "/", "/", 0, 0, true, false},
180 {"http", "http", "/page1.html", "/", 0, 0, true, false},
181 {"http", "http", "/", "/", 800, 0, false, false}, // ports do not match
182 // Two stronger signals in the first CSPSource
183 {"https", "http", "/page1.html", "/", 0, 0, true, false},
184 {"https", "http", "/", "/", 800, 0, false, false},
185 {"http", "http", "/page1.html", "/", 800, 0, false, false},
186 // Three stronger signals in the first CSPSource
187 {"https", "http", "/page1.html", "/", 800, 0, false,
188 false}, // ports do not match
189 // Mixed signals
190 {"https", "http", "/", "/page1.html", 0, 0, false, false},
191 {"https", "http", "/", "/", 0, 800, false, false},
192 {"http", "http", "/page1.html", "/", 0, 800, false, false},
193 };
194
195 for (const auto& test : cases) {
196 CSPSource* returned =
197 new CSPSource(csp.get(), test.aScheme, "example.com", test.aPort,
198 test.aPath, CSPSource::NoWildcard, CSPSource::NoWildcard);
199
200 CSPSource* required =
201 new CSPSource(csp.get(), test.bScheme, "example.com", test.bPort,
202 test.bPath, CSPSource::NoWildcard, CSPSource::NoWildcard);
203
204 EXPECT_EQ(returned->isSubsumed(required), test.expected);
205 // Verify the same test with a and b swapped.
206 EXPECT_EQ(required->isSubsumed(returned), test.expectedWhenSwapped);
207 }
208
209 // When returned CSP has a wildcard but the required csp does not, then it is
210 // not subsumed.
211 // returned csp has a host wildcard.
212 for (const auto& test : cases) {
213 CSPSource* returned = new CSPSource(
214 csp.get(), test.aScheme, "example.com", test.aPort, test.aPath,
215 CSPSource::HasWildcard, CSPSource::NoWildcard);
216
217 CSPSource* required =
218 new CSPSource(csp.get(), test.bScheme, "example.com", test.bPort,
219 test.bPath, CSPSource::NoWildcard, CSPSource::NoWildcard);
220
221 EXPECT_FALSE(returned->isSubsumed(required));
222 }
223
224 // required csp has a host wildcard now too.
225 for (const auto& test : cases) {
226 CSPSource* returned = new CSPSource(
227 csp.get(), test.aScheme, "example.com", test.aPort, test.aPath,
228 CSPSource::HasWildcard, CSPSource::NoWildcard);
229
230 CSPSource* required = new CSPSource(
231 csp.get(), test.bScheme, "example.com", test.bPort, test.bPath,
232 CSPSource::HasWildcard, CSPSource::NoWildcard);
233
234 EXPECT_EQ(returned->isSubsumed(required), test.expected);
235 }
236 }
237
238 TEST_F(CSPSourceTest, IsSubsumedWildcards) {
239 // Hosts must be equal, schemes matching as well as paths.
240 struct TestCase {
241 CSPSource::WildcardDisposition aHostDispotion;
242 CSPSource::WildcardDisposition aPortDispotion;
243 CSPSource::WildcardDisposition bHostDispotion;
244 CSPSource::WildcardDisposition bPortDispotion;
245 bool expected;
246 } cases[] = {
247 // One out of four possible wildcards.
248 {CSPSource::HasWildcard, CSPSource::NoWildcard, CSPSource::NoWildcard,
249 CSPSource::NoWildcard, false},
250 {CSPSource::NoWildcard, CSPSource::HasWildcard, CSPSource::NoWildcard,
251 CSPSource::NoWildcard, false},
252 {CSPSource::NoWildcard, CSPSource::NoWildcard, CSPSource::NoWildcard,
253 CSPSource::HasWildcard, true},
254 {CSPSource::NoWildcard, CSPSource::NoWildcard, CSPSource::HasWildcard,
255 CSPSource::NoWildcard, true},
256 // Two out of four possible wildcards.
257 {CSPSource::HasWildcard, CSPSource::HasWildcard, CSPSource::NoWildcard,
258 CSPSource::NoWildcard, false},
259 {CSPSource::HasWildcard, CSPSource::NoWildcard, CSPSource::HasWildcard,
260 CSPSource::NoWildcard, true},
261 {CSPSource::HasWildcard, CSPSource::NoWildcard, CSPSource::NoWildcard,
262 CSPSource::HasWildcard, false},
263 {CSPSource::NoWildcard, CSPSource::HasWildcard, CSPSource::HasWildcard,
264 CSPSource::NoWildcard, false},
265 {CSPSource::NoWildcard, CSPSource::HasWildcard, CSPSource::NoWildcard,
266 CSPSource::HasWildcard, true},
267 {CSPSource::NoWildcard, CSPSource::NoWildcard, CSPSource::HasWildcard,
268 CSPSource::HasWildcard, true},
269 // Three out of four possible wildcards.
270 {CSPSource::HasWildcard, CSPSource::HasWildcard, CSPSource::HasWildcard,
271 CSPSource::NoWildcard, false},
272 {CSPSource::HasWildcard, CSPSource::HasWildcard, CSPSource::NoWildcard,
273 CSPSource::HasWildcard, false},
274 {CSPSource::HasWildcard, CSPSource::NoWildcard, CSPSource::HasWildcard,
275 CSPSource::HasWildcard, true},
276 {CSPSource::NoWildcard, CSPSource::HasWildcard, CSPSource::HasWildcard,
277 CSPSource::HasWildcard, true},
278 // Four out of four possible wildcards.
279 {CSPSource::HasWildcard, CSPSource::HasWildcard, CSPSource::HasWildcard,
280 CSPSource::HasWildcard, true},
281 };
282 // There are different cases for wildcards but now also the second CSPSource
283 // has a more specific path.
284 for (const auto& test : cases) {
285 CSPSource* returned =
286 new CSPSource(csp.get(), "http", "example.com", 0, "/",
287 test.aHostDispotion, test.aPortDispotion);
288 CSPSource* required =
289 new CSPSource(csp.get(), "http", "example.com", 0, "/",
290 test.bHostDispotion, test.bPortDispotion);
291 EXPECT_EQ(returned->isSubsumed(required), test.expected);
292
293 // Wildcards should not matter when required csp is stricter than returned
294 // csp.
295 CSPSource* required2 =
296 new CSPSource(csp.get(), "https", "example.com", 0, "/",
297 test.bHostDispotion, test.bPortDispotion);
298 EXPECT_FALSE(returned->isSubsumed(required2));
299 }
300 }
301
302 TEST_F(CSPSourceTest, IsSubsumedSchemesOnly) {
303 struct TestCase {
304 String aScheme;
305 String bScheme;
306 bool expected;
307 } cases[] = {
308 // HTTP
309 {"http", "http", true},
310 {"http", "https", false},
311 {"https", "http", true},
312 {"https", "https", true},
313 // WSS
314 {"ws", "ws", true},
315 {"ws", "wss", false},
316 {"wss", "ws", true},
317 {"wss", "wss", true},
318 // Unequal
319 {"ws", "http", false},
320 {"http", "ws", false},
321 {"http", "about", false},
322 };
323 for (const auto& test : cases) {
324 CSPSource* returned =
325 new CSPSource(csp.get(), test.aScheme, "example.com", 0, "/",
326 CSPSource::NoWildcard, CSPSource::NoWildcard);
327 CSPSource* required =
328 new CSPSource(csp.get(), test.bScheme, "example.com", 0, "/",
329 CSPSource::NoWildcard, CSPSource::NoWildcard);
330 EXPECT_EQ(returned->isSubsumed(required), test.expected);
331 }
332 }
333
126 } // namespace blink 334 } // namespace blink
OLDNEW
« third_party/WebKit/Source/core/frame/csp/CSPSource.cpp ('K') | « third_party/WebKit/Source/core/frame/csp/CSPSource.cpp ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698